Turkey's Gulen Movement Linked to Cyber-Attack on US Citizen

Hacking Team, an Italian company which sells powerful tools to governments and law enforcement agencies has been hacked with 400GB of internal documents leaked showing it sold to oppressive regimes it previously denied.Reuters

A powerful digital spying tool used by governments to monitor its citizens has been linked to a failed attack on a US citizen.

The US woman believes she was the target of this cyber-attack because of her outspoken criticism of the Gülen movement, which has infiltrated parts of the Turkish government. The woman, who doesn't want to be identified over fears of retaliation and who spoke anonymously to Wired, received a highly-tailored spear-phishing email purporting to be from a Harvard professor who has previously written about the Gülen movement.

The email contained a link to a website in Turkey which hosted malicious software which would be downloaded to your PC if you simply clicked on the link. The woman sensed a problem with the email and on closer inspection of the email address saw it was sent from an @hawhard.edu address rather than the expected @harvard.edu.

The email was passed to researchers at Arsenal Consulting who analysed the website and found it contained malicious software which it was able to link to governmental spyware sold by the controversial US-based Hacking Team.

While the researchers were unable to get hold of the file which the site was intending to install, as it was removed quickly by those behind the attack, it was able to analyse the downloader and this showed it was the same downloader which has been used in the past to download Hacking Team's Remote Control System (RCS) - also known as DaVinci.

Gülen movement

The Gülen movement is a transnational religious and social movement led by Turkish Islamic scholar Fethullah Gülen. The movement's main focus seems to be education and estimates suggest it has 1,000 schools established around the globe, a number of which are said to be in the US. Gülen himself is currently living in self-imposed exile in Pennsylvania.

The woman targeted by this attack said it was her outspoken criticism of these charter schools in the US which led to her being targeted. The email was sent to an anonymous email address the woman uses in an attempt to identify her, gain access to her private data and communications and ultimately attempt to discredit her.

While there is no concrete evidence of who is behind the attack, there is significant circumstantial evidence which gives an indication of who is behind the attack. Mark Spencer from Arsenal Consulting said: "We have an email, a purported sender, and a target all critical of the Gülen movement. We have professional malware launched from a server in Turkey. You can take it from there."

Spying

Hacking Team is one of a growing number of companies who sell hugely powerful cyber-weapons which can monitor the phone calls, emails and online activity of those they are deployed against. While Hacking Team has told IBTimes UK in the past that it won't sell to companies or countries on NATO, US or EU blacklists, this latest revelation suggests that Turkey, which is a member of NATO, could be using these tools to spy on American citizens.

Hacking Team spokesman Eric Rabe would not confirm or deny whether Turkey was one of its customers.

RCS is just one of a number of powerful tools available to governments, intelligence agencies and police forces around the world. One of the best known is FinFisher which is sold by UK-based Gamma International which was labeled as one of five "Corporate Enemies of the Internet" and "digital era mercenaries" by Reporters Without Borders in March of this year, for selling products that have been or are being used by governments to violate human rights and freedom of information.

Reticent

Like all such companies Gamma International and Hacking Team are reticent to speak too much about what it is their cyber-weapons can do, who uses them or how much they get paid.

Critics of the use of these tools have claimed they have led to the torture and in some cases the deaths of those being monitored. Hacking Team in particular has come in for a lot of criticism as its software has been linked to oppressive regimes in Morocco and the United Arab Emirates who use it to illegally monitor activists.

The escalation of cyber-espionage in recent months has become front page news, with the US government taking big steps to address what it believes is a major threat from outside forces, primarily China, who the White House has accused of breaching the security of critical infrastructure in the US.

An attack on an American citizen by a NATO member would mark a new milestone in cyber warfare, as it is an attack on a US citizen on US soil, without the knowledge of the government and without a link to criminal behaviour or terrorism.